Expand Unity Catalog skill with governance, tags, security, sharing docs

[CheeYuTan]

Summary

Addresses #103. The UC skill was limited to system tables and volumes. This adds 4 new reference files documenting 7 MCP tools that were previously undocumented.

New files:

• 1-objects-and-governance.md — manage_uc_objects, manage_uc_grants (catalog/schema/volume/function CRUD, permissions)
• 2-tags-and-classification.md — manage_uc_tags (PII classification, data discovery, compliance tagging)
• 3-security-policies.md — manage_uc_security_policies (row filters, column masks, security functions)
• 4-sharing-and-federation.md — manage_uc_sharing, manage_uc_connections, manage_uc_storage (Delta Sharing, Lakehouse Federation, storage credentials)

SKILL.md expanded from 120 → 170+ lines with MCP tool table, governance quick start, and permission combinations reference.

All examples validated against a live Databricks workspace. MCP tool parameter names verified against tool schemas.

Test plan

• All 7 UC MCP tools tested live (list catalogs, get grants, query tags, list storage credentials, list shares, list connections)
• Parameter names verified against MCP tool JSON schemas
• install_skills.sh updated with new extra files

[CheeYuTan]

Test Results

All tests run against commit 528ff31 (includes fix for contradictory statement in common issues table).

Test	Status	Details
CI Validation (validate_skills.py)	PASS	All 26 skills validated
SKILL.md Frontmatter	PASS	name: 26 chars, lowercase+hyphens. description: 199 chars, no XML
install_skills.sh Registration	PASS	Skill registered, description updated, all 7 extra files listed
MCP Tool Descriptors	PASS	All 7 tools have JSON schemas: manage_uc_objects, manage_uc_grants, manage_uc_tags, manage_uc_security_policies, manage_uc_sharing, manage_uc_connections, manage_uc_storage
Live MCP Tool Tests	PASS	3 tools tested against live workspace
Content Accuracy	PASS	Security policy bypass rules correct; sharing uses flat params; federation uses options dict

Live MCP Tool Test Evidence

manage_uc_objects(action="list", object_type="catalogs")
→ Returned 4 catalogs: lakemeter_catalog, system, samples, fevm_shared_catalog

manage_uc_tags(action="list", full_name="system", object_type="catalog")
→ Returned empty tags (expected for system catalog)

manage_uc_grants(action="list", full_name="system", object_type="catalog")
→ Returned grants: account users has BROWSE, EXECUTE, READ_VOLUME, SELECT, USE_CATALOG, USE_SCHEMA

Fix Applied During Testing

• Fixed contradiction in 3-security-policies.md common issues table — it incorrectly stated ALL_PRIVILEGES bypasses row filters/column masks, contradicting the correct statement above it. Now consistent: only metastore admins and account admins bypass them.